<?php
// Start (or resume) the PHP session; the registration handler below stores
// values in $_SESSION after a successful sign-up.
session_start();
// Load the Securimage CAPTCHA library from a fixed path under the document root.
include_once $_SERVER['DOCUMENT_ROOT'] . '/TEAMSCI/securimage/securimage.php';
// CAPTCHA object; its check() method is called with the submitted code further down.
$securimage = new Securimage();

// Shared helpers. print_header(), connectSQLServer(), dbquery() and print_footer()
// are not defined in this file -- presumably they come from library.php (confirm).
// NOTE(review): `include` only raises a warning when the file is missing, so the
// script would carry on until the first call to a missing helper.
include "library.php";
// Not read anywhere in the visible part of this script.
$trig = false;

// NOTE(review): the meaning of the two arguments is not visible here -- check the
// helper's definition. If it emits output, HTTP headers can no longer be sent after this call.
print_header(1,101);

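// Registration handler: validates the posted sign-up form and, when everything
// checks out, creates the user row and sends the browser to PostRegistration.php.
//
// Every request field is treated as untrusted. Fields are read once into
// $regInput; a missing or non-string (array) value becomes "" so the checks
// below never operate on an undefined index or an array.
$regInput = array();
foreach (array("fname", "lname", "user", "pass", "pass2", "email", "captcha_code", "UserChecker") as $regKey) {
  $regInput[$regKey] = (isset($_POST[$regKey]) && is_string($_POST[$regKey])) ? $_POST[$regKey] : "";
}

// The CAPTCHA is evaluated exactly once per request so that the success path
// and the error messages act on the same result.
$regCaptchaOk = ($securimage->check($regInput["captcha_code"]) == true);

$regComplete = $regInput["fname"] !== "" && $regInput["lname"] !== "" && $regInput["user"] !== ""
  && $regInput["pass"] !== "" && $regInput["email"] !== "";

// Strict comparison: with a loose == two different numeric-looking strings
// (for example "1e3" and "1000") compare equal, so a mistyped confirmation could pass.
$regPassMatch = ($regInput["pass"] === $regInput["pass2"]);

if ($regCaptchaOk && $regComplete && $regPassMatch) {

  // "Add" is the name of the form's submit button; the database is only touched
  // for a real form submission.
  if (isset($_POST["Add"])) {

    // NOTE(review): the connection arguments are hard-coded literals in a
    // web-served script; consider loading them from configuration kept outside
    // the document root.
    // NOTE(review): the mysql_* extension was removed in PHP 7. Moving to mysqli
    // or PDO with prepared statements would also require changing
    // connectSQLServer() and dbquery(), which are defined outside this block.
    $pwdb = connectSQLServer("wendlc_teamsci","sdd","");
    mysql_select_db("wendlc_TeamSci");

    // Normalise the user ID once and use the same value for the uniqueness
    // check and for the INSERT. If the two statements normalise differently,
    // the check can test a different string than the one that gets stored.
    // NOTE(review): HTML-encoding at storage time is kept for compatibility with
    // existing rows; encoding on output is the usual place for it.
    $regUserId = stripslashes(htmlspecialchars($regInput["user"]));

    // The role is chosen by the client, so only the two values the form offers
    // are accepted; anything else falls back to "3", the form's pre-selected
    // option (presumably the less privileged role -- confirm against the schema).
    $regPosition = in_array($regInput["UserChecker"], array("2", "3"), true) ? $regInput["UserChecker"] : "3";

    $query1 = sprintf("SELECT UserID From Users WHERE UserID = '%s'",
      mysql_real_escape_string($regUserId, $pwdb));
    $q = dbquery($query1);

    // User ID does not exist yet
    // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
    // Users.UserID is what actually guarantees uniqueness (confirm one exists).
    if (mysql_num_rows($q) == 0) {
      // SECURITY NOTE(review): md5()'s second argument is the raw-output flag,
      // not a salt. "pw" is truthy, so this stores an unsalted MD5 digest in raw
      // binary form. Unsalted MD5 is not suitable for password storage; migrate
      // to password_hash()/password_verify(). The call is left as-is here because
      // the login code that verifies passwords is outside this file and must
      // change together with it. Note also that the password is HTML-encoded and
      // slash-stripped before hashing, so the verifier has to do the same.
      $query = sprintf("INSERT INTO Users (FirstName, LastName ,UserID ,Password ,Email, Position) VALUES ('%s','%s','%s','%s','%s','%s')",
        mysql_real_escape_string(stripslashes(htmlspecialchars($regInput["fname"])), $pwdb),
        mysql_real_escape_string(stripslashes(htmlspecialchars($regInput["lname"])), $pwdb),
        mysql_real_escape_string($regUserId, $pwdb),
        mysql_real_escape_string(md5(stripslashes(htmlspecialchars($regInput["pass"])), "pw"), $pwdb),
        mysql_real_escape_string(stripslashes(htmlspecialchars($regInput["email"])), $pwdb),
        mysql_real_escape_string($regPosition, $pwdb));
      // NOTE(review): the result of the INSERT is not inspected; whether dbquery()
      // reports or aborts on failure is not visible from this file.
      $r = dbquery($query);

      // Two additional columns exist in the table (per the original author):
      // a unique user number, and an "approved" bit that defaults to 0.

      // Submission succeeded: remember the name so the next page can greet the
      // user, then redirect to the "your request will be reviewed" page.
      // NOTE(review): email and user are stored unencoded; any page that prints
      // them must escape on output.
      $_SESSION["fname"] = htmlspecialchars($regInput["fname"]);
      $_SESSION["email"] = $regInput["email"];
      $_SESSION["user"] = $regInput["user"];
      echo "<script>location.href='PostRegistration.php'</script>";
    } else {
      echo 'User ID is already taken please pick anohter.<BR><BR><BR>';
    }
  }
} else {
  // The submit button is named "Add"; testing a differently-cased key would
  // never match and the CAPTCHA message could not be shown.
  if (!$regCaptchaOk && isset($_POST["Add"])) {
    echo "Invalid CAPTCHA Code<BR><BR>";
  } else if (!$regPassMatch) {
    echo "Passwords did not match...<BR><BR>";
  } else {
    echo "Please fill in all of the fields<BR><BR>";
  }
}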

?>
		<!-- Registration form. It has no action attribute, so it posts back to this same script.
		     The maxlength attributes and the two role radio values are browser-side hints only;
		     the server-side handler has to validate every submitted field. -->
		<form method = "post">
		First Name: <input type = "text" name = "fname" value = "" MAXLENGTH = 200/><br /><br />
		Last Name: <input type = "text" name = "lname" value = "" MAXLENGTH = 200/><br /><br />
		Email: <input type = "text" name = "email" value = "" MAXLENGTH = 200/><br /><br />
		User ID: <input type = "text" name = "user" value = "" MAXLENGTH = 100/><br /><br />
		Password: <input type = "password" name = "pass" value = "" MAXLENGTH = 100/><br /><br />
		Confirm Password: <input type = "password" name = "pass2" value = "" MAXLENGTH = 100/><br /><br />
 		<INPUT TYPE = "radio" NAME = "UserChecker" VALUE = "2">Lead Researcher<BR>
		<INPUT TYPE = "radio" NAME = "UserChecker" CHECKED VALUE = "3">Researcher<BR><BR>
		<img id="captcha" src="/TEAMSCI/securimage/securimage_show.php" alt="CAPTCHA Image" /><BR>
		<a href="#" onclick="document.getElementById('captcha').src = '/TEAMSCI/securimage/securimage_show.php?' + Math.random(); return false">Reload Image</a><BR><BR>
		<input type="text" name="captcha_code" size="10" maxlength="6" /><BR><BR>
		<input type = "submit" name = "Add" value = "Sign Up!"/>
		</form>
<?php
// Finish the page. print_footer() is not defined in this file (presumably it
// comes from library.php -- confirm).
print_footer();
?>